Spotting the Phish in a Sea of Email

Q. I got a message asking me to verify a new Dropbox account, but I never signed up for Dropbox. I suspect this is a hoax, but I looked at the return address and it seems to be pointing to Dropbox itself. Has my email account been hacked?

A. A compromised email account is always a possibility, especially if you have not taken precautions like enabling two-factor authentication, but a new wave of fraudulent spam has been going around that uses a supposed Dropbox verification as bait. In this type of phishing attack, the perpetrators put a legitimate Dropbox address in the message’s sender field, which the sender of a message can fill in with any address — usually no-reply@dropbox.com, which is the real address Dropbox puts on messages when it is legitimately asking you to verify a new account.

[Image: To see what’s hidden beneath a link or button in the iOS Mail app, press the screen and hold your finger there until the menu opens, and then tap Cancel after you have confirmed your suspicions. Credit: The New York Times]

However, the “Verify my email” button or link in the body of the message hides the real destination the attacker wants to send you to. The button graphic or link is designed to send you to a phishing site or possibly download a virus; some observers have reported that the fake Dropbox links lead to ransomware that takes the user’s hard drive hostage by encrypting its files.

You can see the real link under the “Verify my email” button in a few ways, such as viewing the message in plain text (instead of the HTML commonly used to display links and graphics in email) in your desktop mail program. On a mobile device, press and hold the button or link — but do not tap it as you normally would — to reveal the hidden address. You can report the phishing messages by forwarding them to abuse@dropbox.com.
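The check the column describes by hand (look past the sender address, look at where the link actually goes) can be automated with the Python standard library. The script below is an added example, not code from the column or from Dropbox: it parses a constructed sample message whose From header claims no-reply@dropbox.com, pulls every link out of the HTML body, and lists the ones whose destination host does not belong to the domain the sender claims. The sample message, the reserved `example.invalid` host standing in for the attacker's site, and the function names are all assumptions made for the example.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for this example. The From header carries the
# legitimate-looking address named in the column; the "Verify my email"
# link points at a reserved .invalid host that stands in for a phishing site.
SAMPLE_EMAIL = """From: Dropbox <no-reply@dropbox.com>
To: reader@example.com
Subject: Please verify your email
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Thanks for signing up for Dropbox. Please confirm your address.</p>
<p><a href="http://verify-account.example.invalid/login">Verify my email</a></p>
<p><a href="https://www.dropbox.com/help">Help Center</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def claimed_sender_domain(msg):
    """Domain in the From header. This is only a claim: any sender can write it."""
    _, addr = parseaddr(str(msg["From"]))
    return addr.rpartition("@")[2].lower()


def belongs_to(host, domain):
    """True when host is domain itself or a subdomain of it (www.dropbox.com)."""
    return host == domain or host.endswith("." + domain)


def find_mismatched_links(raw_message):
    """Return links whose real destination is outside the claimed sender domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    claimed = claimed_sender_domain(msg)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []  # plain-text only message: nothing is hidden behind link text
    collector = LinkCollector()
    collector.feed(body.get_content())
    suspicious = []
    for text, href in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if not belongs_to(host, claimed):
            suspicious.append({"text": text, "href": href, "host": host,
                               "claimed_sender_domain": claimed})
    return suspicious


if __name__ == "__main__":
    for link in find_mismatched_links(SAMPLE_EMAIL):
        print(f"'{link['text']}' -> {link['href']} "
              f"(sender claims {link['claimed_sender_domain']})")
```

Run against the sample, it reports only the “Verify my email” link, while the genuine Help Center link on a dropbox.com subdomain passes. A host mismatch like this is a strong signal, not a verdict: a legitimate mailer may route clicks through a tracking domain, so the output is a list of links to inspect rather than an automatic block.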